Could CISPA Be the Next SOPA?

A bill introduced to the House of Representatives late last year could become the centerpiece of the next SOPA-style struggle between the tech community and Washington, D.C.

The bill already has over 100 co-sponsors and the backing of some of Silicon Valley's most prominent companies, including Microsoft and Facebook, support which SOPA never enjoyed.

It's called the Cyber Intelligence Sharing and Protection Act (or CISPA, for short). CISPA would alter the existing National Security Act of 1947 to allow private businesses and the government to share information about cyberthreats — including "efforts to degrade, disrupt or destroy" vital networks or "threat or misappropriation" of information owned by the government or private businesses, such as intellectual property.

To ensure that business-government information sharing happens on a two-way basis, CISPA requires the Director of National Intelligence to set up ways for the intelligence community to pass along threat information to private companies, and to make sure that sharing actually takes place. To prevent sensitive information from being shared willy-nilly, CISPA requires that any recipient of such threat reports have a security clearance and a valid need for the information.

Finally, CISPA allows third-party cybersecurity firms (which provide cyber protection to the government and private businesses) to "use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property" of their clients. They're also allowed to share that information with any other business or government department, provided their client gives them permission to do so.

CISPA prevents these private firms from using shared cybersecurity information to gain an advantage, and if they share information with the federal government, they don't have to disclose it to the public. That means that if Company X is hacked, it can tell the government about it without alerting employees, shareholders or the public at large.

As long as a cybersecurity firm acts in "good faith" according to these stipulations, it's immune to civil or criminal lawsuits regarding information sharing.

Rep. Mike Rogers (R-Mich.), who introduced the bill along with Rep. Dutch Ruppersberger (D-Md.), has framed CISPA as a bill to protect American intellectual property from state-sponsored digital theft.

“Every day U.S. businesses are targeted by nation-state actors like China for cyber exploitation and theft,” said Rogers in a statement. “This consistent and extensive cyber looting results in huge losses of valuable intellectual property, sensitive information, and American jobs. The broad base of support for this bill shows that Congress recognizes the urgent need to help our private sector better defend itself from these insidious attacks,” he said.

"Effective security requires private and public sector cooperation, and successful cooperation necessitates information sharing," wrote Joel Kaplan, vice president of U.S. Public Policy at Facebook. "Your legislation removes burdensome rules that currently can inhibit protection of the cyber ecosystem, and helps provide a more established structure for sharing within the cyber community while still respecting the privacy rights and exceptions of our users."

According to the EFF, the language in CISPA is worded so broadly that it could be interpreted to allow Internet Service Providers (ISPs) and companies such as Google and Facebook to intercept your messages and transmit them to the government.

They also warn that CISPA could be used as a blunt instrument against copyright infringement, similar to concerns about SOPA. Finally, they'd rather not see the Director of National Intelligence in charge of information sharing — they feel a civilian position would provide for more transparency and accountability.

"The idea is to facilitate detection of and defense against a serious cyber threat, but the definitions in the bill go well beyond that," said the EFF in a blog post. "The language is so broad it could be used as a blunt instrument to attack websites like The Pirate Bay or WikiLeaks."

Mashable